By Aman Shah and Siddharth Cavale
March 7 Visa Inc and MasterCard Inc
said they had launched a cross-industry group to improve
security for card transactions and press U.S. retailers and
banks to meet a 2015 deadline to adopt technology that would
make it safer to pay with plastic.
The move follows several data breaches at U.S. retailers,
including one at Target Corp late last year involving
the theft of about 40 million credit and debit card records.
The new group - which includes banks, credit unions,
retailers and industry trade associations - will initially focus
on the adoption of 'EMV' chip technology, MasterCard and Visa
said in a statement on Friday..
EMV cards, already used in Europe and Asia, store
information on computer chips rather than on traditional
magnetic strips, making them harder to counterfeit.
They can also require - depending on the issuer - that users
enter a personal identification number, or PIN, to make
purchases, adding an extra layer of security.
However, the National Retail Federation, the world's largest
retail trade association, said it had not joined the group
because there were no plans to immediately implement the PIN
option, making for a "half-baked solution."
"They're not serious about reducing fraud, unless they put a
pin on," said Mallory Duncan, the NRF's general counsel.
"We remain insistent that U.S. retailers' customers be given
the same protections as consumers in more than 80 countries who
have both a chip and a PIN securing their credit and debit
cards," Duncan said in a statement.
Visa and MasterCard declined to provide details on specific
proposals for the technology to be used in the cards or the
make-up of the cross-industry group.
The American Bankers Association did not respond to requests
for comment but Patrick Keefe, a spokesman for the Credit Union
National Association, confirmed that the trade association was
part of the industry group.
"The recent high-profile breaches have served as a catalyst
for much needed collaboration between the retail and financial
services industry on the issue of payment security," Visa
President Ryan McInerney said in the statement.
STRIKING WHILE IRON IS HOT
MasterCard and Visa had already set a deadline of October
2015 for U.S. retailers to adopt the new payment technology.
"Probably about 80 percent plus of the larger retailers were
going to be able to make the deadline anyways," said David
Robertson, publisher of payment industry newsletter The Nilson
Report. Robertson said the formation of the group would help
push small and mid-size retailers to adopt the new technology.
Banks and retailers have been dragging their feet over the
upgrade, at odds over how the costs would be split.
The NRF has said it could cost the U.S. retail industry
about $30 billion to upgrade to chip-based cards, including
equipment, training and software.
"Banks and retailers want to make sure that if they invest
in new infrastructure, they'll get the return in reduced fraud,"
Wedbush Securities analyst Gil Luria told Reuters.
MasterCard and Visa said the group would also address
security issues with mobile and online transactions. One
proposed solution is for traditional account numbers to be
replaced by a unique digital payment code.
Target said last month it was accelerating a $100 million
program to implement the use of chip-enabled smart cards to
protect against cyber threats, with a goal to have the
technology in place by early 2015.
"In the aftermath of the Target breach, security is on the
minds of executives in the way it hasn't been in a very long
time," Robertson said. "This is a classic example of trying to
strike while the iron is hot."